Stars
A wordlist of API documentation endpoints used for fuzzing web application APIs.
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
BruteXSS is a tool written in Python simply to find XSS vulnerabilities in web applications. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI for more c…
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
This repository contains a cheat sheet for OSWP & WiFi cracking.
OSCP 2023 Preparation Guide | Courses, Tricks, Tutorials, Exercises, Machines
OSCP Cheatsheet by Sai Sathvik
An OSINT tool that helps detect members of a company with leaked credentials
Burp Suite Certified Practitioner Exam Study
This repository contains a list of one-liners with descriptions and installation requirements
A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.
User-Agent, X-Forwarded-For and Referer SQLi fuzzer
📓 Books, reference guides and resources on Regular Expressions, CLI one-liners, Scripting Languages and Vim.
Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
netshell features all in version 2 PowerShell
TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
Tool for collecting subdomains from different websites; what is unique in this tool is that it collects subdomains from subdomainfinder.c99 and collects all subdomains from rapiddns.io, but here it collects subdomains from a…
A public collection of POCs & Exploits for the vulnerabilities I discovered
A curated list of bug bounty writeups (bug-type-wise), inspired by https://github.com/ngalongc/bug-bounty-reference